Ethereal-users: Re: [Ethereal-users] networked reading of captures?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 4 May 2003 17:23:26 -0700
On Sun, May 04, 2003 at 06:30:43AM -0700, Jon Baer wrote:
> > sourceforge project to do this (http://sf.net/projects/rpcap) although it
> > appears to need a lot more work - I couldn't even get the CVS version to
> > build. I had some discussions with the maintainer, and it looked like he did
> 
> Is this the same project that is from the creators of WinPCap?

No.  The rpcap stuff in WinPcap

	1) is not ONC RPC-based, unlike the SourceForge rpcap;

	2) doesn't work by providing a replacement implementation of (a
	   subset of) the libpcap API, so that to choose between local
	   and remote capture you have to choose which library to build
	   or run the application with; it adds new APIs, which allows
	   the application to support both by using the new APIs.

> I can't tell
> ... what is weird I think is that there is a link to an RPCAP capable
> Analyzer version that is linked on that page
> (http://analyzer.polito.it/30alpha/) but it's nowhere to be found and the
> current version on the site is 2.2.  Does anyone know where you can download
> Analyzer > 3.x?

I'd suggest asking the WinPcap developers, as the same group that
develops WinPcap also develops WinDump and Analyzer.

> It would seem that Ethereal could have a plugin to read the RPCAP protocol
> form (rpcap://host/adapter) ...

The only thing for which Ethereal can have plugins is dissectors for
protocols.  A dissector for the RPCAP protocol would let you debug
problems with that protocol - but it would not, in any way, let Ethereal
*use* that protocol to capture remotely.  There is no provision in
Ethereal for plugins that would add new devices on which to capture, so
Ethereal could *not* have a plugin to do that.